Re: iBGP to OSPF redistribution - weird behavior?

From: SFeldberg@xxxxxxxxxxxxx
Date: Mon Dec 10 2001 - 13:30:46 GMT-3


   
It's not that the iBGP routes cannot be redistributed into OSPF; the key is
WHERE you are attempting to redistribute the routes into OSPF. You must
redistribute the route on the router that is originating the route (in this
case with a Network statement). In your scenario, Loopback2 (20.20.20.20
in my configs) must be redistributed from BGP on R2 and Loopback3
(30.30.30.30 in my configs) must be redistributed on R3. When this is
done, the 20 and 30 networks are propagated as OSPF external routes to R1
and R4.

r1#sh ip route | beg Gateway
Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
     140.200.0.0/24 is subnetted, 2 subnets
C 140.200.1.0 is directly connected, Ethernet0
C 140.200.3.0 is directly connected, Serial0.1
     20.0.0.0/32 is subnetted, 1 subnets
O E2 20.20.20.20 [110/1] via 130.1.1.2, 00:08:47, Serial0.1
     130.1.0.0/16 is variably subnetted, 2 subnets, 2 masks
O 130.1.1.2/32 [110/64] via 130.1.1.2, 00:08:47, Serial0.1
C 130.1.1.0/24 is directly connected, Serial0.1
r1#

r4#sh ip route | beg Gateway
Gateway of last resort is not set

     4.0.0.0/32 is subnetted, 1 subnets
C 4.4.4.4 is directly connected, Loopback0
     160.3.0.0/16 is variably subnetted, 2 subnets, 2 masks
O 160.3.0.3/32 [110/64] via 160.3.0.3, 00:09:38, Serial0.1
C 160.3.0.0/24 is directly connected, Serial0.1
     10.0.0.0/30 is subnetted, 1 subnets
C 10.10.10.8 is directly connected, Ethernet0
     30.0.0.0/32 is subnetted, 1 subnets
O E2 30.30.30.30 [110/1] via 160.3.0.3, 00:09:38, Serial0.1
r4#

r2#sh ip route | beg Gateway
Gateway of last resort is not set

     140.200.0.0/24 is subnetted, 1 subnets
C 140.200.3.0 is directly connected, Serial0.1
     20.0.0.0/32 is subnetted, 1 subnets
C 20.20.20.20 is directly connected, Loopback0
     172.16.0.0/26 is subnetted, 1 subnets
C 172.16.1.64 is directly connected, BRI0
     130.1.0.0/16 is variably subnetted, 3 subnets, 2 masks
C 130.1.2.0/24 is directly connected, Serial0.3
C 130.1.1.0/24 is directly connected, Serial0.1
O 130.1.1.1/32 [110/64] via 130.1.1.1, 00:07:57, Serial0.1
     133.5.0.0/24 is subnetted, 1 subnets
C 133.5.1.0 is directly connected, Ethernet0
     30.0.0.0/32 is subnetted, 1 subnets
B 30.30.30.30 [200/0] via 130.1.2.3, 00:07:47

r2#sh ip bgp | beg Network
   Network Next Hop Metric LocPrf Weight Path
*> 20.20.20.20/32 0.0.0.0 0 32768 i
*>i30.30.30.30/32 130.1.2.3 0 100 0 i
*> 130.1.1.1/32 130.1.1.1 64 32768 ?
* i160.3.0.4/32 160.3.0.4 64 100 0 ?

r2#sh ip ospf d | beg Type-5
                Type-5 AS External Link States

Link ID ADV Router Age Seq# Checksum Tag
20.20.20.20 172.16.1.65 523 0x80000001 0x6CF7 0
r2#

r3#sh ip route | beg Gateway
Gateway of last resort is not set

     20.0.0.0/32 is subnetted, 1 subnets
B 20.20.20.20 [200/0] via 130.1.2.2, 00:07:00
     160.3.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 160.3.0.0/24 is directly connected, Serial0.3
O 160.3.0.4/32 [110/64] via 160.3.0.4, 00:07:00, Serial0.3
     130.1.0.0/24 is subnetted, 1 subnets
C 130.1.2.0 is directly connected, Serial0.1
     30.0.0.0/32 is subnetted, 1 subnets
C 30.30.30.30 is directly connected, Loopback0

r3#sh ip bgp | beg Network
   Network Next Hop Metric LocPrf Weight Path
*>i20.20.20.20/32 130.1.2.2 0 100 0 i
*> 30.30.30.30/32 0.0.0.0 0 32768 i
* i130.1.1.1/32 130.1.1.1 64 100 0 ?
*> 160.3.0.4/32 160.3.0.4 64 32768 ?

r3#sh ip ospf d | beg Type-5
                Type-5 AS External Link States

Link ID ADV Router Age Seq# Checksum Tag
30.30.30.30 3.3.3.3 487 0x80000001 0x65C9 0
r3#

Steve
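
A way to check the result from the outputs above, as an added example that is not part of the original message: the script parses a few lines copied from the posted "sh ip route" tables and reports how each router learned the two loopbacks (route code, administrative distance, next hop). The names TABLES, LOOPBACKS, parse_routes and loopback_view are made up for this example.

```python
import re

# Lines copied from the "sh ip route" outputs in the message above
# (each table trimmed to a few entries to keep the sample short).
TABLES = {
    "r1": """Gateway of last resort is not set
     20.0.0.0/32 is subnetted, 1 subnets
O E2 20.20.20.20 [110/1] via 130.1.1.2, 00:08:47, Serial0.1
O 130.1.1.2/32 [110/64] via 130.1.1.2, 00:08:47, Serial0.1""",
    "r2": """C 20.20.20.20 is directly connected, Loopback0
C 130.1.2.0/24 is directly connected, Serial0.3
B 30.30.30.30 [200/0] via 130.1.2.3, 00:07:47""",
    "r3": """B 20.20.20.20 [200/0] via 130.1.2.2, 00:07:00
C 30.30.30.30 is directly connected, Loopback0""",
    "r4": """C 4.4.4.4 is directly connected, Loopback0
O E2 30.30.30.30 [110/1] via 160.3.0.3, 00:09:38, Serial0.1""",
}
LOOPBACKS = ("20.20.20.20", "30.30.30.30")  # the two loopbacks in the thread

# Route code (e.g. "C", "B", "O E2"), prefix, then either "[AD/metric] via
# next-hop" or "is directly connected".
ROUTE = re.compile(
    r"^(?P<code>[A-Z](?: [A-Z]+\d)?)\s+(?P<prefix>\d+(?:\.\d+){3})(?:/\d+)?\s+"
    r"(?:\[(?P<ad>\d+)/\d+\] via (?P<via>[\d.]+)|is directly connected)"
)

def parse_routes(text):
    """Map prefix -> (route code, admin distance, next hop) for one table."""
    routes = {}
    for line in text.splitlines():
        m = ROUTE.match(line.strip())
        if m:  # header and "subnetted" lines do not match and are skipped
            ad = int(m["ad"]) if m["ad"] else 0  # connected routes have AD 0
            routes[m["prefix"]] = (m["code"], ad, m["via"])
    return routes

def loopback_view(tables=TABLES, prefixes=LOOPBACKS):
    """Per router, how each loopback was learned (None if not in the table)."""
    parsed = {name: parse_routes(text) for name, text in tables.items()}
    return {name: {p: parsed[name].get(p) for p in prefixes} for name in parsed}

if __name__ == "__main__":
    for router, view in loopback_view().items():
        for prefix, route in view.items():
            print(f"{router}  {prefix:<12} {route or 'not in table'}")
```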

From: "Hotmail" <jthao1@hotmail.com>
Sent by: nobody@groupstudy.com
Date: 12/10/2001 09:46 AM
To: <ccielab@groupstudy.com>
cc:
Subject: iBGP to OSPF redistribution - weird behavior?
Please respond to "Hotmail"

Hello Group,

I have a very simple problem that I'm having a mental block on. I am
performing redistribution of BGP to OSPF but for some reason, iBGP
discovered routes are not getting redistributed into the OSPF domain. I
have turned off synchronization and auto summary on all BGP routers.

Can iBGP discovered routes be redistributed into OSPF? I don't see why not
but I can't do it.

Here's the scenario:

r1 ----- r2 ----- r3 ----- r4

The connections between routers do not matter.

r1 to r2 - running ospf area 0 only on the interface connecting them
r3 to r4 - running ospf area 0 only on the interface connecting them
r2 to r3 - no IGP, no OSPF, just iBGP AS 10
r2 has a loopback that is introduced into BGP on r2 with the network
command.
r3 has a loopback that is introduced into BGP on r3 with the network
command.

Mutual redistribution from BGP to OSPF (and vice-versa) is performed on
r3.
r3 loopback appears on r4 but not r2 loopback.

Also, if you perform mutual redistribution on r2, the same converse thing
happens. That is: you can see r2 loopback on r1 but not r3 loopback.

My question is: Is this the proper behavior? I don't see why iBGP
discovered routes cannot be redistributed into OSPF. This does not seem
right to me. Am I missing something obvious here?

Thanks
Joseph

----- Original Message -----
From: "Frank Kim" <frank@comegetus.com>
To: "Dean, Justin" <Justin.Dean@nrtinc.com>
Cc: <>
Sent: Monday, December 10, 2001 12:12 AM
Subject: Re: OT: Quick way to check if Pix is being attacked

> Try "show conn count"
>
> That will show how many concurrent connections you have running both
> tcp/udp. If you have a small network and the number of the connections is
> outrageously high, then you're being screwed around by kiddie hacker on
> the internet.
>
>
> -Frank
>
> On Fri, 7 Dec 2001, Dean, Justin wrote:
>
> > Does anyone know how to see if your network is being attacked (or attempted
> > to be attacked) from the internet, by looking at the PIX? Basically, I want
> > to find some hard data that would justify looking into an IDS product.
> > Thanks for any input. JD



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:32:41 GMT-3